UDP and NAT

Guus Sliepen guus at tinc-vpn.org
Wed Apr 1 16:13:17 CEST 2009


On Wed, Apr 01, 2009 at 10:49:17AM -0300, Raul Dias wrote:

> > [...]The protocol uses the source
> > address + port number of the UDP packet to determine which node it came from. Simply
> > disregarding the port number is not a full solution.
> What about breaking the protocol (with a fallback option) and moving this
> information to the payload instead of relying on the UDP header.
> 
> This would make it easier to make the tinc protocol independent in the future.

I will do that in tinc 2.0. For 1.x, I'm now trying to get it to work with the
existing protocol, by sending a different session key to different nodes. If a
packet from an unknown address/port comes in, tinc can check all known
addresses for a match, and try to decrypt the packet with the session keys of
all matching nodes. If it works, then tinc knows which node the packet came
from and can update the address and port it uses to communicate via UDP with
that node.

But implementing things correctly is much harder than ideas sound...

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
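The recovery scheme outlined in the reply above, as an added example that is neither tinc's code nor the author's: each peer gets its own session key, a packet from an unknown address/port is tried against the keys of peers whose address matches, and the endpoint table is updated only after a key verifies the packet. The names (Peer, Node, seal, unseal, demo), the HMAC-SHA256 tag standing in for tinc's real encrypt-and-authenticate step, and all addresses, ports and keys are constructed for this demo.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]   # (address, port) as read from the UDP header
MAC_LEN = 16                 # truncated tag length; a constructed choice for the demo


@dataclass
class Peer:
    name: str
    endpoint: Endpoint       # last known address/port of this peer
    session_key: bytes       # key negotiated with this peer only (per-peer, not shared)


def seal(key: bytes, payload: bytes) -> bytes:
    """Sender side: append an HMAC-SHA256 tag. Stand-in for tinc's real
    encrypt-and-authenticate step; what matters here is that verification
    fails unless the receiver tries the right peer's key."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()[:MAC_LEN]
    return payload + tag


def unseal(key: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver side: return the payload if the tag verifies under key, else None."""
    if len(packet) < MAC_LEN:
        return None
    payload, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:MAC_LEN]
    return payload if hmac.compare_digest(tag, expected) else None


class Node:
    """Keeps the endpoint -> peer table and the recovery logic for unknown sources."""

    def __init__(self) -> None:
        self.peers: Dict[str, Peer] = {}
        self.by_endpoint: Dict[Endpoint, Peer] = {}

    def add_peer(self, peer: Peer) -> None:
        self.peers[peer.name] = peer
        self.by_endpoint[peer.endpoint] = peer

    def receive(self, src: Endpoint, packet: bytes) -> Optional[Tuple[str, bytes]]:
        # Fast path: the source address/port is already known.
        peer = self.by_endpoint.get(src)
        if peer is not None:
            payload = unseal(peer.session_key, packet)
            return (peer.name, payload) if payload is not None else None

        # Slow path: unknown address/port. Candidates are the peers whose
        # address matches (port ignored, since a NAT typically rewrites the port).
        candidates: List[Peer] = [p for p in self.peers.values() if p.endpoint[0] == src[0]]
        for cand in candidates:
            payload = unseal(cand.session_key, packet)
            if payload is None:
                continue
            # Verification succeeded under exactly this peer's key, so the sender
            # is identified; only now is the endpoint table rebound.
            del self.by_endpoint[cand.endpoint]
            cand.endpoint = src
            self.by_endpoint[src] = cand
            return (cand.name, payload)
        # No candidate key verified the packet: drop it and learn nothing from it.
        return None


def demo() -> dict:
    """Constructed scenario: alice's NAT remaps her port; an unauthenticated packet must not rebind her."""
    node = Node()
    key_alice, key_bob = b"A" * 32, b"B" * 32        # constructed keys
    node.add_peer(Peer("alice", ("10.0.0.5", 655), key_alice))
    node.add_peer(Peer("bob", ("192.0.2.9", 655), key_bob))

    # 1. alice's packet now arrives from port 40001 instead of 655.
    remapped = node.receive(("10.0.0.5", 40001), seal(key_alice, b"hello"))
    # 2. A packet from alice's address but without her key must not move her endpoint.
    forged = node.receive(("10.0.0.5", 40002), seal(b"X" * 32, b"junk"))
    # 3. A packet from an address matching no peer is not tried at all in this design.
    stranger = node.receive(("203.0.113.7", 655), seal(key_alice, b"hello"))
    return {
        "remapped": remapped,
        "forged": forged,
        "stranger": stranger,
        "alice_endpoint": node.peers["alice"].endpoint,
    }


if __name__ == "__main__":
    print(demo())
```

Two points the demo makes visible: the per-peer key is what turns "it decrypted" into "it came from alice", and deferring the table update until after verification means a packet that merely arrives from a plausible address cannot move a peer's endpoint. Because only peers with a matching address are candidates, a peer whose address (not just port) changes is not recovered by this path; widening the candidate set to all peers would cover that at the cost of more verification attempts per unknown packet.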